pocketenv.io / pocketenv
the universal sandbox runtime for agents and humans. pocketenv.io
sandbox openclaw agent claude-code vercel-sandbox deno-sandbox cloudflare-sandbox atproto sprites daytona
7
fork

Configure Feed

Select the types of activity you want to include in your feed.

Add Wasmer sandbox deployment

Add Dockerfile, banner script, and Wrangler config for the wasmer
sandbox;
register the wasmer worker in the API and include it in the deploy
workflow.

Tsiry Sandratraina 22fabe95 07bbd446

+247
+1
.github/workflows/deploy.yml
··· 32 32 opencrust, 33 33 picoclaw, 34 34 zeroclaw, 35 + wasmer, 35 36 ] 36 37 steps: 37 38 - name: Checkout repository
+1
apps/api/src/cloudflare.ts
··· 17 17 picoclaw: "https://picoclaw.pocketenv.io", 18 18 pkgx: "https://pkgx.pocketenv.io", 19 19 zeroclaw: "https://zeroclaw.pocketenv.io", 20 + wasmer: "https://wasmer.pocketenv.io", 20 21 };
+104
apps/cf-sandbox/deploy/wasmer/Dockerfile
··· 1 + FROM node:24-slim 2 + 3 + ARG TARGETARCH 4 + 5 + COPY --from=docker.io/cloudflare/sandbox:0.7.8 /container-server/sandbox /sandbox 6 + 7 + RUN echo "deb [signed-by=/etc/apt/keyrings/doppler.gpg] https://packages.doppler.com/public/cli/deb/debian any-version main" | tee /etc/apt/sources.list.d/doppler-cli.list 8 + 9 + RUN apt-get update && apt-get install -y --no-install-recommends \ 10 + openssh-client \ 11 + git \ 12 + curl \ 13 + ca-certificates \ 14 + gnupg \ 15 + unzip \ 16 + python3 \ 17 + build-essential \ 18 + tmux \ 19 + gawk \ 20 + sed \ 21 + procps \ 22 + wget \ 23 + locales-all \ 24 + s3fs \ 25 + fontconfig 26 + 27 + ENV LC_ALL en_US.UTF-8 28 + ENV LANG en_US.UTF-8 29 + ENV LANGUAGE en_US.UTF-8 30 + 31 + RUN curl -s https://ohmyposh.dev/install.sh | bash -s 32 + 33 + RUN curl -s https://raw.githubusercontent.com/JanDeDobbeleer/oh-my-posh/refs/heads/main/themes/tokyonight_storm.omp.json | tee /root/.tokyonight_storm.omp.json >/dev/null && \ 34 + echo 'eval "$(oh-my-posh init bash --config ~/.tokyonight_storm.omp.json)"' >> /root/.bashrc 35 + 36 + 37 + RUN git clone --recursive --depth 1 --shallow-submodules https://github.com/akinomyoga/ble.sh.git && \ 38 + mkdir -p /root/.local && \ 39 + make -C ble.sh install PREFIX=/root/.local && \ 40 + rm -rf ble.sh && \ 41 + echo 'export LANG=en_US.UTF-8' >> ~/.bashrc && \ 42 + echo 'source -- ~/.local/share/blesh/ble.sh' >> ~/.bashrc 43 + 44 + RUN curl --proto '=https' --tlsv1.2 -LsSf https://setup.atuin.sh | sh && \ 45 + echo 'export PATH=$PATH:/root/.atuin/bin' >> ~/.bashrc && \ 46 + echo 'eval "$(atuin init bash)"' >> ~/.bashrc || true 47 + 48 + RUN case "${TARGETARCH}" in \ 49 + amd64) EZA_ARCH="x86_64-unknown-linux-musl" ;; \ 50 + arm64) EZA_ARCH="aarch64-unknown-linux-musl" ;; \ 51 + *) echo "Unsupported arch: ${TARGETARCH}" && exit 1 ;; \ 52 + esac && \ 53 + wget -qO /tmp/eza.tar.gz "https://github.com/eza-community/eza/releases/latest/download/eza_${EZA_ARCH}.tar.gz" && \ 54 + tar -xzf /tmp/eza.tar.gz -C /root/.local/bin && \ 55 + chmod +x /root/.local/bin/eza && \ 56 + rm /tmp/eza.tar.gz && \ 57 + echo 'alias ls="eza -l"' >> ~/.bashrc 58 + 59 + RUN curl -sLf --retry 3 --tlsv1.2 --proto "=https" 'https://packages.doppler.com/public/cli/gpg.DE2A7741A397C129.key' | gpg --dearmor | tee /etc/apt/keyrings/doppler.gpg >/dev/null \ 60 + && echo "deb [signed-by=/etc/apt/keyrings/doppler.gpg] https://packages.doppler.com/public/cli/deb/debian any-version main" | tee /etc/apt/sources.list.d/doppler-cli.list \ 61 + && apt-get update && apt-get install -y doppler && doppler --version 62 + 63 + RUN curl -fsSL https://tailscale.com/install.sh | sh 64 + 65 + RUN mkdir -p /root/.npm-global && npm config set prefix "/root/.npm-global" 66 + 67 + ENV PATH "/root/.npm-global/bin:${PATH}" 68 + 69 + RUN npm install -g pm2 70 + 71 + RUN curl -fsSL https://deno.land/install.sh | sh 72 + 73 + RUN curl -fsSL https://bun.sh/install | bash 74 + 75 + ENV PATH "/root/.wasmer/bin:/root/.deno/bin:/root/.local/bin:${PATH}" 76 + 77 + RUN echo 'PATH="$HOME/.wasmer/bin:$HOME/.deno/bin:$HOME/.local/bin:$PATH"' >> ~/.bashrc && \ 78 + echo 'stty sane' >> ~/.bashrc && \ 79 + echo '. "$HOME/.bashrc"' >> ~/.profile 80 + 81 + 82 + COPY banner.sh /root/.local/bin 83 + 84 + RUN chmod a+x /root/.local/bin/banner.sh 85 + 86 + RUN curl -fsSL https://code-server.dev/install.sh | sh && \ 87 + code-server --install-extension bastndev.lynx-theme --force && \ 88 + curl -fsSL https://github.com/ryanoasis/nerd-fonts/releases/download/v3.4.0/CascadiaMono.zip -o /tmp/CascadiaMono.zip && \ 89 + mkdir -p /usr/share/fonts && \ 90 + unzip -o /tmp/CascadiaMono.zip -d /usr/share/fonts/CascadiaMono && \ 91 + fc-cache -fv && \ 92 + touch /root/.vscode-setup-done 93 + 94 + RUN curl https://get.wasmer.io -sSfL | sh 95 + 96 + WORKDIR /workspace 97 + 98 + ENV COMMAND_TIMEOUT_MS 300000 99 + 100 + # Required during local development to access exposed ports 101 + EXPOSE 8080 102 + EXPOSE 3000/tcp 103 + 104 + ENTRYPOINT ["/sandbox"]
+32
apps/cf-sandbox/deploy/wasmer/banner.sh
··· 1 + #!/usr/bin/env bash 2 + 3 + readonly MAGENTA="$(tput setaf 5 2>/dev/null || echo '')" 4 + readonly GREEN="$(tput setaf 2 2>/dev/null || echo '')" 5 + readonly CYAN="$(tput setaf 6 2>/dev/null || echo '')" 6 + readonly NEON="$(tput setaf 50 2>/dev/null || echo '')" 7 + readonly NO_COLOR="$(tput sgr0 2>/dev/null || echo '')" 8 + 9 + cat << EOF 10 + ${NEON} 11 + ██████╗ ██████╗ ██████╗██╗ ██╗███████╗████████╗███████╗███╗ ██╗██╗ ██╗ 12 + ██╔══██╗██╔═══██╗██╔════╝██║ ██╔╝██╔════╝╚══██╔══╝██╔════╝████╗ ██║██║ ██║ 13 + ██████╔╝██║ ██║██║ █████╔╝ █████╗ ██║ █████╗ ██╔██╗ ██║██║ ██║ 14 + ██╔═══╝ ██║ ██║██║ ██╔═██╗ ██╔══╝ ██║ ██╔══╝ ██║╚██╗██║╚██╗ ██╔╝ 15 + ██║ ╚██████╔╝╚██████╗██║ ██╗███████╗ ██║ ███████╗██║ ╚████║ ╚████╔╝ 16 + ╚═╝ ╚═════╝ ╚═════╝╚═╝ ╚═╝╚══════╝ ╚═╝ ╚══════╝╚═╝ ╚═══╝ ╚═══╝ 17 + ${NO_COLOR} 18 + 19 + ╭─────────────────────────────────────────────────────────────╮ 20 + │ This environment is ephemeral. │ 21 + │ What you build here lives fast and dies clean. │ 22 + │ │ 23 + │ Break systems. │ 24 + │ Spawn agents. │ 25 + │ Ship experiments. │ 26 + ╰─────────────────────────────────────────────────────────────╯ 27 + 28 + Type ${NEON}wasmer${NO_COLOR} to get started. 29 + 30 + Happy hacking! 🎉 31 + 32 + EOF
+109
apps/cf-sandbox/deploy/wasmer/wrangler.jsonc
··· 1 + /** 2 + * For more details on how to configure Wrangler, refer to: 3 + * https://developers.cloudflare.com/workers/wrangler/configuration/ 4 + */ 5 + /** 6 + * For more details on how to configure Wrangler, refer to: 7 + * https://developers.cloudflare.com/workers/wrangler/configuration/ 8 + */ 9 + { 10 + "$schema": "node_modules/wrangler/config-schema.json", 11 + "name": "wasmer", 12 + "main": "src/index.ts", 13 + "compatibility_date": "2025-05-06", 14 + "compatibility_flags": ["nodejs_compat"], 15 + "observability": { 16 + "enabled": true, 17 + }, 18 + /** 19 + * Smart Placement 20 + * Docs: https://developers.cloudflare.com/workers/configuration/smart-placement/#smart-placement 21 + */ 22 + // "placement": { "mode": "smart" } 23 + /** 24 + * Bindings 25 + * Bindings allow your Worker to interact with resources on the Cloudflare Developer Platform, including 26 + * databases, object storage, AI inference, real-time communication and more. 27 + * https://developers.cloudflare.com/workers/runtime-apis/bindings/ 28 + */ 29 + /** 30 + * Environment Variables 31 + * https://developers.cloudflare.com/workers/wrangler/configuration/#environment-variables 32 + */ 33 + // "vars": { "MY_VARIABLE": "production_value" } 34 + "vars": { 35 + "SANDBOX_TRANSPORT": "websocket", 36 + "VOLUME_BUCKET": "pocketenv-volumes", 37 + "PREVIEW_TOKEN": "wasmer", 38 + }, 39 + /** 40 + * Note: Use secrets to store sensitive data. 41 + * https://developers.cloudflare.com/workers/configuration/secrets/ 42 + */ 43 + /** 44 + * Static Assets 45 + * https://developers.cloudflare.com/workers/static-assets/binding/ 46 + */ 47 + // "assets": { "directory": "./public/", "binding": "ASSETS" } 48 + /** 49 + * Service Bindings (communicate between multiple Workers) 50 + * https://developers.cloudflare.com/workers/wrangler/configuration/#service-bindings 51 + */ 52 + // "services": [{ "binding": "MY_SERVICE", "service": "my-service" }] 53 + "containers": [ 54 + { 55 + "class_name": "Sandbox", 56 + "image": "./Dockerfile", 57 + "instance_type": "standard-3", 58 + "max_instances": 20, 59 + }, 60 + ], 61 + "durable_objects": { 62 + "bindings": [ 63 + { 64 + "class_name": "Sandbox", 65 + "name": "Sandbox", 66 + }, 67 + ], 68 + }, 69 + "migrations": [ 70 + { 71 + "new_sqlite_classes": ["Sandbox"], 72 + "tag": "v1", 73 + }, 74 + ], 75 + "hyperdrive": [ 76 + { 77 + "binding": "HYPERDRIVE", 78 + "id": "45a57339b01e45559b753ffcacbc20e4", 79 + }, 80 + ], 81 + /** 82 + * Smart Placement 83 + * https://developers.cloudflare.com/workers/configuration/smart-placement/#smart-placement 84 + */ 85 + // "placement": { "mode": "smart" } 86 + /** 87 + * Bindings 88 + * Bindings allow your Worker to interact with resources on the Cloudflare Developer Platform, including 89 + * databases, object storage, AI inference, real-time communication and more. 90 + * https://developers.cloudflare.com/workers/runtime-apis/bindings/ 91 + */ 92 + /** 93 + * Environment Variables 94 + * https://developers.cloudflare.com/workers/wrangler/configuration/#environment-variables 95 + * Note: Use secrets to store sensitive data. 96 + * https://developers.cloudflare.com/workers/configuration/secrets/ 97 + */ 98 + // "vars": { "MY_VARIABLE": "production_value" } 99 + /** 100 + * Static Assets 101 + * https://developers.cloudflare.com/workers/static-assets/binding/ 102 + */ 103 + // "assets": { "directory": "./public/", "binding": "ASSETS" } 104 + /** 105 + * Service Bindings (communicate between multiple Workers) 106 + * https://developers.cloudflare.com/workers/wrangler/configuration/#service-bindings 107 + */ 108 + // "services": [ { "binding": "MY_SERVICE", "service": "my-service" } ] 109 + }